AWS Shield standard not preventing DDOS? - amazon-web-services

My website under Route 53 and ALB was flooded once on 12 May, but it seemed AWS Shield Standard version (free) didn't do anything to prevent it?
Showing 1000 of 9,828,102 records matched:
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-"

Shield Standard only protects Layer 3 and 4 of your application network stack, so it's expected it would allow valid web traffic through. You would need to use Shield Advanced or WAF to gain greater control, and CloudFront to provide a caching layer (all paid services), to better protect your instances.
My advice is to follow the principle of least privilege at each layer in terms of which firewall ports are open and what hostnames you allow. You can use rate limiting via WAF to avoid getting flooded, and use CloudFront to intercept requests and return cached responses where possible to reduce load on your instances.
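The two controls this answer names, a hostname allowlist and per-IP rate limiting, replayed over access-log lines as an added example (not part of the original answer). The sample lines are constructed in the shape of the export in the question, and the allowlist, limit and window are assumed values, not AWS WAF defaults.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime
from urllib.parse import urlsplit


def _mk(ip, clock, target):
    """Build one constructed line: ingestion timestamp, then the access-log entry."""
    return (f'2022-05-12T08:{clock[3:]}.024+08:00 {ip} - - [12/May/2022:{clock} +0000] '
            f'"GET {target} HTTP/1.1" 200 8216 "-" "Mozilla/5.0" "-"')


# Constructed sample. Addresses and host names are documentation values,
# not indicators from the incident.
SAMPLE = (
    # absolute-form requests naming a host that is not ours
    [_mk("203.0.113.7", "00:01:24", "http://other-site.example:89/") for _ in range(5)]
    # a burst of ordinary requests from one client
    + [_mk("203.0.113.9", f"00:01:2{s}", "/") for s in (4, 4, 4, 5, 5)]
    # a normal visitor
    + [_mk("198.51.100.20", "00:01:24", "/"), _mk("198.51.100.20", "00:03:00", "/")]
)

ALLOWED_HOSTS = {"www.example.com"}  # assumption: the site's own host names

LINE_RE = re.compile(
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def replay(lines, allowed_hosts, limit, window_s):
    """Return {ip: {verdict: count}} for a host allowlist plus a per-IP
    sliding-window limit of `limit` requests per `window_s` seconds.

    Every request counts toward the window, blocked or not, so a client
    stays limited until it slows down.
    """
    recent = defaultdict(deque)      # ip -> timestamps inside the window
    verdicts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue                 # not an access-log entry
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

        window = recent[ip]
        while window and (ts - window[0]).total_seconds() >= window_s:
            window.popleft()
        over_limit = len(window) >= limit
        window.append(ts)

        # Only absolute-form targets carry a host in the request line;
        # the Host header itself is not in this log format.
        target = m["target"]
        host = urlsplit(target).hostname if "://" in target else None

        if host is not None and host not in allowed_hosts:
            verdicts[ip]["bad_host"] += 1
        elif over_limit:
            verdicts[ip]["rate_limited"] += 1
        else:
            verdicts[ip]["allow"] += 1
    return {ip: dict(counts) for ip, counts in verdicts.items()}


if __name__ == "__main__":
    for ip, counts in replay(SAMPLE, ALLOWED_HOSTS, limit=3, window_s=10).items():
        print(ip, counts)
```

Every sample request is a well-formed HTTP request answered with 200, which is why a layer 3/4 control has nothing to act on; both verdicts here come from layer 7 fields.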

Related

Nginx shows requests to endpoints, not in my API, And unknown requests

Nginx works in Docker Compose with Django, React, Postgres containers
Nginx shows requests for PHP, testPHP endpoints with status code 200
1.171.112.23 - - [27/Nov/2022:09:37:21 +0000] "GET /phpMyAdmin5.2/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:21 +0000] "GET /2phpmyadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:21 +0000] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:21 +0000] "GET /phpmyadmin4/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:22 +0000] "GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:22 +0000] "GET /phpmyadmin2016/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:22 +0000] "GET /db/myadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:22 +0000] "GET /sql/websql/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:22 +0000] "GET /php-my-admin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:23 +0000] "GET /phpMyAdmin-5.3.0-all-languages/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:23 +0000] "GET /shopdb/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:23 +0000] "GET /administrator/db/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:23 +0000] "GET /sql/php-myadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:23 +0000] "GET /phpmyadmin2014/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:24 +0000] "GET /phpMyAdmin-5.1.2/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:24 +0000] "GET /phpMyAdmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:24 +0000] "GET /db/db-admin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:24 +0000] "GET /sql/phpmyadmin5/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:24 +0000] "GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:25 +0000] "GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:25 +0000] "GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:25 +0000] "GET /admin/login/?next=/admin/phpMyAdmin/index.php%3Flang%3Den HTTP/1.1" 200 2313 "http://147.182.131.129/admin/phpMyAdmin/index.php?lang=en" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:25 +0000] "GET /db/webdb/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:25 +0000] "GET /phpmyadmin2015/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:26 +0000] "GET /mysql/admin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:26 +0000] "GET /sql/phpmanager/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:26 +0000] "GET /administrator/db/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:26 +0000] "GET /phpmyadmin2020/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:26 +0000] "GET /phpmyadmin5/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:27 +0000] "GET /phpmy/192.1index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:27 +0000] "GET /phpMyAdmin5.2/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:27 +0000] "GET /phpmyadmin2022/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:27 +0000] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:27 +0000] "GET /sql/sqlweb/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:28 +0000] "GET /phpmyadmin2015/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:28 +0000] "GET /phpMyAdmin-4.9.7/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:28 +0000] "GET /2phpmyadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:28 +0000] "GET /database/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:28 +0000] "GET /db/phpMyAdmin3/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:29 +0000] "GET /administratorindex.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:29 +0000] "GET /sql/phpmanager/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:29 +0000] "GET /sql/phpmanager/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:29 +0000] "GET /sql/sqlweb/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:29 +0000] "GET /db/myadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:30 +0000] "GET /administrator/web/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:30 +0000] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:30 +0000] "GET /admin/pma/index.php?lang=en HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:31 +0000] "GET /_phpmyadmin_/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:31 +0000] "GET /phpmyadmin2019/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:31 +0000] "GET /phpmyadmin2016/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:31 +0000] "GET /db/phpMyAdmin-5/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:31 +0000] "GET /phpMyAdmin-5.2.0-all-languages/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:32 +0000] "GET /db/phpMyAdmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:32 +0000] "GET /phpmyadmin2012/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:32 +0000] "GET /php-myadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:32 +0000] "GET /db/phpMyAdmin-5/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:33 +0000] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:33 +0000] "GET /admin/index.php?lang=en HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:34 +0000] "GET /db/phpMyAdmin-5/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:34 +0000] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:34 +0000] "GET /administrator/PMA/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:34 +0000] "GET /admin/sqladmin/index.php?lang=en HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:35 +0000] "GET /mysql/web/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:35 +0000] "GET /phpmyadmin2/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:35 +0000] "GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:35 +0000] "GET /sql/phpMyAdmin2/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:36 +0000] "GET /phpmyadmin2021/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:36 +0000] "GET /phpmyadmin2019/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:36 +0000] "GET /db/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:36 +0000] "GET /dbadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:36 +0000] "GET /sql/sqladmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:37 +0000] "GET /phpMyAdmin-latest-english/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:37 +0000] "GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:37 +0000] "GET /db/phpmyadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:37 +0000] "GET /administrator/db/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:37 +0000] "GET /phpmyadmin2012/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:38 +0000] "GET /phpmyadmin4/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:38 +0000] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:38 +0000] "GET /phpMyAdmin-5.1.1/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:38 +0000] "GET /db/phpmyadmin3/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:38 +0000] "GET /dbadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
1.171.112.23 - - [27/Nov/2022:09:37:39 +0000] "GET /sql/phpmanager/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "-"
197.60.121.41 - - [2
unknown requests
192.155.90.118 - - [28/Nov/2022:02:54:21 +0000] "\x16\x03\x01\x00\x85\x01\x00\x00\x81\x03\x03>\x99\xEF\xEF\xEB\xEC\xC3\x80\x02\xA9\xD7e\xEC\xE1)\xEDS\xA9\xCE\xB63\x92P\xE2\xF9db\x02{\x1F\xDF\xA2\x00\x00 \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x13\xC0\x09\xC0\x14\xC0" 400 150 "-" "-" "-"
51.79.29.48 - - [28/Nov/2022:02:54:24 +0000] "POST / HTTP/1.1" 405 552 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
51.79.29.48 - - [28/Nov/2022:02:54:24 +0000] "GET /.env HTTP/1.1" 200 557 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
185.254.196.223 - - [28/Nov/2022:02:55:11 +0000] "GET /.env HTTP/1.1" 200 557 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
185.254.196.223 - - [28/Nov/2022:02:55:11 +0000] "POST / HTTP/1.1" 405 552 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "-"
172.105.89.161 - - [28/Nov/2022:03:20:23 +0000] "\xBA\xABd\xA1EZC\xDBM\x87\xEE^\xFD\xBF\x159 X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA09\xD7\x90#8~\x8C\xDE\x9DReF\xBF%1Q\xE0\x9D\x06&g\xBB\x82\x95\x19\xED\x07\x14\x19ZP\x80+\x94e\xC3\xE6\x85\x06\xA4\x99\x8B\x19l\x01\xEA\x88Y\x91\x16\x95\xC4\xC8\x0EH\x02\xC7\x93g\xC14FW\x05|\xFB\xF3T\xB8\xFD\xCB\xBB)\xE3\xCE\xDD\xCD7\x9E\xEFP\x8C\xA4[V\xFD\x98\xC9l\x82\xF5\xE4\xC1d\x87X\xF7\x9B\xBF\xE8q\x12\x99&\xDB,\xF5\x87\xD7\xA8\x97j;\xE3\xEA\xA7\xB4\xB0\x02\xAD\x8DE\x9B\xAAB\x80\x0E)\xA9\xE9\xAF}\x18\x8E\xB8\x1E\x99\x04\xEF\xA8\x8C\xE8\x04\xE2\xD3\xED)1\x91\xC1\x8F\x88\x8C\x81\xF0\xDB\xA5\x88\x95H\x9BZ\xAB\xCE\xBF\xF4E%P*\x88KFY6\x9E\xE7::j\xD4\x8A\xA8V\x9A\xAA\xAB\xAF\xC3&.\xED[\x04\xC5e\x7F\x08\xBE\x8Ar\xA7\xB0\x99F\xF7\x11\xE5\xD6\x96\x8CIm+w\x1C\xFDuU\x14\x0F!x\xAC\xE8MPy\xC3\x19!2\xA0\xED\xC0}!Rw\x14\x8E\x1B\xC4\xE1\xA0\xAF+\xADKk\xC5\xE0\x5Cs\x9C\xBD\xCB" 400 150 "-" "-" "-"
84.21.172.128 - - [28/Nov/2022:03:24:05 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 405 150 "http://147.182.131.129:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" "-"
84.21.172.128 - - [28/Nov/2022:03:24:05 +0000] "" 400 0 "-" "-" "-"
192.241.211.240 - - [28/Nov/2022:03:35:09 +0000] "GET / HTTP/1.1" 200 557 "-" "Mozilla/5.0 zgrab/0.x" "-"
66.240.205.34 - - [28/Nov/2022:03:47:27 +0000] "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA==" 400 150 "-" "-" "-"
Some of these requests also appear in the Django logs
Not Found: /portal/redlion
Not Found: /portal/redlion
Not Found: /admin.php
Not Found: /user/15751/
Not Found: /user/15761
Not Found: //script/.env
Not Found: //script/.env
Not Found: //admin-app/.env
Not Found: //admin-app/.env
Not Found: /portal/redlion
Not Found: /administrator/db/index.php
Not Found: /administratorindex.php
Not Found: /administrator/db/index.php
Not Found: /administrator/phpMyAdmin/index.php
Not Found: /administrator/db/index.php
Not Found: /administratorindex.php
Not Found: /administrator/web/index.php
Not Found: /administrator/PMA/index.php
Not Found: /administrator/db/index.php
Not Found: /administrator/db/index.php
Not Found: /administrator/db/index.php
Not Found: /admin/login.asp
Not Found: /portal/redlion
Nginx works on the IP address without a domain
nginx.conf
upstream websocket {
    server asgiserver:9000;
}
error_log /var/log/nginx/nginx_error.log warn;
server {
    listen 80;
    server_name xxx.xxx.xxx.xx;
    server_tokens off;
    error_log /var/log/nginx/nginx_error.log warn;
    client_max_body_size 100M;
    client_body_timeout 300s;
    proxy_set_header X-Forwarded-Proto https;
    location ~ /.well-known {
        root /var/www/certbot;
    }
    # Front end: any path that is not a file falls back to index.html
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
    # Prefixes handed to the Django backend through the named location below
    location /script {
        try_files $uri @proxy_api;
    }
    location /auth {
        try_files $uri @proxy_api;
    }
    location /user {
        try_files $uri @proxy_api;
    }
    location /portal {
        try_files $uri @proxy_api;
    }
    location /admin {
        try_files $uri @proxy_api;
    }
    location @proxy_api {
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Url-Scheme $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://backend:8000;
    }
    location /django_static/ {
        autoindex on;
        alias /app/backend/server/django_static/;
    }
    location /media {
        autoindex on;
        alias /app/backend/server/media;
    }
    location @proxy_websocket {
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $remote_addr;
        # proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        resolver 10.108.0.2;
        proxy_pass http://websocket;
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
        proxy_buffers 512 256M;
        proxy_buffer_size 256M;
    }
}
Could the server be hacked? Especially since the rate of RAM consumption increased exaggeratedly.
In reaction to the last comment in the question:
"How can I ignore them in Nginx, it's hard to define a location for each endpoint in the log above"
My comment was made under the impression that you have 1 container running Nginx and another one running Django.
The Django container might have a separate (sub)domain name. Then Nginx will only pass on requests to Django if the domain name matches, not only the IP.
In your case you have the server listening to the IP address, which gives a match for all kinds of garbage based on the IP.
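A triage of the question's access log against its own nginx.conf, as an added example that is not part of the original post. The `200 557` replies have the same size as the reply for `/`, which is what `try_files $uri $uri/ /index.html` returns for a path that does not exist, while only paths under the proxied prefixes reach Django. The sample lines are constructed in the question's log format with documentation IP addresses, and `PROXIED_PREFIXES` is copied from the config's `location` blocks.

```python
import re
from collections import Counter

# Constructed sample modelled on the access log quoted in the question:
# same format, paths and status/size pairs; client IPs are documentation addresses.
SAMPLE = r'''
198.51.100.9 - - [28/Nov/2022:03:35:09 +0000] "GET / HTTP/1.1" 200 557 "-" "Mozilla/5.0 zgrab/0.x" "-"
203.0.113.5 - - [27/Nov/2022:09:37:21 +0000] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0" "-"
203.0.113.5 - - [27/Nov/2022:09:37:22 +0000] "GET /db/myadmin/index.php?lang=en HTTP/1.1" 200 557 "-" "Mozilla/5.0" "-"
203.0.113.5 - - [27/Nov/2022:09:37:23 +0000] "GET /administrator/db/index.php?lang=en HTTP/1.1" 404 179 "-" "Mozilla/5.0" "-"
203.0.113.5 - - [27/Nov/2022:09:37:25 +0000] "GET /admin/pma/index.php?lang=en HTTP/1.1" 302 0 "-" "Mozilla/5.0" "-"
203.0.113.77 - - [28/Nov/2022:02:54:24 +0000] "GET /.env HTTP/1.1" 200 557 "-" "Mozilla/5.0" "-"
203.0.113.80 - - [28/Nov/2022:02:54:21 +0000] "\x16\x03\x01\x00\x85\x01\x00" 400 150 "-" "-" "-"
203.0.113.81 - - [28/Nov/2022:03:24:05 +0000] "" 400 0 "-" "-" "-"
'''.strip().splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" (?P<status>\d{3}) (?P<size>\d+) '
)
REQ_RE = re.compile(r'^[A-Z]+ (?P<target>\S+) HTTP/\d(?:\.\d)?$')

# Prefix locations in the question's nginx.conf that fall through to Django.
# nginx prefix matching is a plain string prefix, so "/admin" also covers
# "/administrator...", which is why those paths show up in the Django log.
PROXIED_PREFIXES = ("/script", "/auth", "/user", "/portal", "/admin")


def parse(lines):
    """Yield (ip, request_line, status, size) for each well-formed log entry."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["req"], int(m["status"]), int(m["size"])


def path_of(req):
    """Return the request path without its query string, or None if not HTTP."""
    m = REQ_RE.match(req)
    return m["target"].split("?", 1)[0] if m else None


def index_size(entries):
    """Size of the 200 reply for '/', i.e. the size of index.html."""
    sizes = Counter(size for _, req, status, size in entries
                    if status == 200 and path_of(req) == "/")
    return sizes.most_common(1)[0][0] if sizes else None


def classify(req, status, size, idx_size):
    if req.startswith(r"\x16\x03"):
        return "tls_to_http_port"    # TLS handshake bytes sent to the plain-HTTP port
    path = path_of(req)
    if path is None:
        return "not_http"            # empty or binary request line, answered with 400
    if path.startswith(PROXIED_PREFIXES):
        return "reached_backend"     # handled by Django (302 to login, or 404)
    if status == 200 and size == idx_size and path not in ("/", "/index.html"):
        return "spa_fallback"        # index.html served in place of a missing file
    return "normal"


def triage(lines):
    entries = list(parse(lines))
    idx = index_size(entries)
    counts, backend = Counter(), []
    for _, req, status, size in entries:
        label = classify(req, status, size, idx)
        counts[label] += 1
        if label == "reached_backend":
            backend.append((path_of(req), status))
    return {"index_size": idx, "counts": dict(counts), "backend": backend}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("index.html size:", report["index_size"])
    print("counts:", report["counts"])
    for path, status in report["backend"]:
        print("reached Django:", status, path)
```

A `spa_fallback` hit means the probed file was not there; the `reached_backend` list is the traffic that a hostname-based `server_name` with a separate catch-all server would keep away from Django.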

What is the best practice using KQL to filter desired attack signature over (web)logs?

Recently I've been experimenting with Logstash and Kibana on top of Elastic over (web) server logs. I tried to extract some attack signatures such as XSS & SQL injection, like the following examples, when logs contain < $ ' " ! .\ %22, and so on:
<script>foo</script>
<script>document.cookie=%22testkzcp=XXX;%22</script>
<meta%20http-equiv=Set-Cookie%20content=%22testvpmi=XXXX%22>
${XXXXXXXXXX+5}.action
'.print(md5(XXXXX)).'
${#print(md5(XXXXX))}\
";print(md5(XXXXX));$a="
!(()&&!|*|*|
.\.\.\.\.\.\.\.\.\.\/windows/win.ini
The following is the common error I get when using "((", ".\", "OR" or "$" and so on in KQL:
KQLSyntaxError: Expected ":", "<", "<=", ">", ">=", AND, OR, end of input, whitespace but ")" found.
I checked The Kibana Query Language (KQL) and tried to use * as in wildcard_queries beside the interesting term "</script>" or "%22</script>" across my desired timestamp range, but it was unsuccessful. I also checked Escaping special characters in elasticsearch.
So the question is: what is the best practice for using KQL to filter/search for a desired string-based attack signature in logs? Please give an example for the above-mentioned attack signatures.
Edit1: I found the post that says it's possible to solve this problem using Regex in KQL, as well as some workarounds here & here, so I'm also interested in finding a Regex-based solution to find the aforementioned patterns in KQL.
Example web requests within the above-mentioned patterns:
[21/Jan/2021:02:02:23 +0000] XX.XXX.XXX.X "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42109 "'>"></title></style></textarea></noscript></template></script><script/src="//bxss.me/s?u=074623&r=74172-18&h=74172-7bf88-2&"></script>" "'>"></title></style></textarea></noscript></template></script><script/src="//bxss.me/s?u=074623&r=74172-18&h=74172-7bf88-2&"></script>" - - TLSv1.2 -,-,-
[19/Jan/2021:23:02:37 +0000] XXX.XXX.XXX.XX "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42109 "-1" OR 2+190-190-1=0+0+0+1 --" "-1" OR 2+190-190-1=0+0+0+1 --" - - TLSv1.2 -,-,-
[10/Jan/2021:01:11:02 +0000] XXX.XXX.XX.XX "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42133 "${#print(md5(31337))}" "${#print(md5(31337))}" - - TLSv1.2 -,-,-
[18/Jan/2022:09:13:00 +0000] XXX.XXX.XX.XX "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42133 ")))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))" ")))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))" - - TLSv1.2 -,-,-

AWS Load Balanced socket.io server, running behind a Proxy on NGINX

I'll be candid - I know very little about websockets. My config file was set up by a developer we had years ago, and even then I don't think his configuration was correct. All the HTTP(S) REST API responses work, but the websockets features are having issues.
I am getting an error from the web console in production, everything works on local:
WebSocket connection to 'wss://my.website.com/socket.io/?EIO=3&transport=websocket&sid=bE54hfVzKjRVT5H1AR1i' failed:
I have a little bit of a difficult environment where my socket.io server is running.
In our AWS environment I have a Linux server running NGINX. Because this sits behind a public-facing AWS load balancer (the public-facing side listens via 443 with SSL) sending traffic down through port 80 to the actual box, all the certificates are handled at the AWS load balancer rather than on the box.
As a secondary issue, is there a reason my old developer would add keepalive 64 on a websocket server? The verbiage seems to be odd when websockets are supposed to stay up for long periods of time?
I know my issue has to be in the NGINX config. I don't suspect my issue is in my load balancer, but I don't know where to start.
From my local machine, I have tried to change the URL in my config to ws:// and wss:// with no success.
upstream my_nodejs_upstream {
    server 127.0.0.1:8080;
    keepalive 64;
}
server {
    listen 80;
    server_name my_nodejs_server;
    root /home/www/application;
    location / {
        server_tokens off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_max_temp_file_size 0;
        proxy_pass http://my_nodejs_upstream/;
        proxy_redirect off;
        proxy_read_timeout 240s;
    }
}
Nodejs
const express = require('express')
const app = express()
const server = require('http').Server(app)
const io = require('socket.io')(server) // v2.0.4
io.on('connection', (socket) => {
  // ...
})
// ...
app.use((req, res, next) => {
  res.io = io
  next()
})
app.use('/', require('./routes'))
const port = process.env.PORT
server.listen(port, () => {
  // ...
})
client
const socket = io.connect(process.env.SOCKET_SERVER)
socket.on('connect', () => {
  socket.emit('...', ...)
})
socket.on('...', data => {
  // ...
})
access.log -> filtered for 400 errors
10.3.0.225 - - [29/Jul/2021:18:43:26 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=QNqTyFYHniVsHwRVATA- HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:26 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=eL9XCFhOpUc1x8v5ATA_ HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:26 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=sUeUwuQ0WZZ6srppATBB HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:26 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=RFmviPReFWc6jj0JATBA HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:26 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=h_-JSjypuJkd1VB9ATBC HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:26 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=aGtQf1Ei2YFt-mfZATBD HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:27 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=B3uR9cdYoZS28pJ2ATAh HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
10.3.0.45 - - [29/Jul/2021:18:43:27 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb0Yf&sid=ok8WIn_zywc-5LhOAS_a HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:27 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb0Yf.0&sid=EJYczgk3g6MkfXWRAS_b HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:29 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=jFE3Zhm59giR0_tYATBE HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:30 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=MK_Cxs3O2miJqc8EATBF HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=NhpayDE&sid=dweMe6kGyqK-Yt0qATAZ HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "GET /socket.io/?EIO=3&transport=polling&t=NhpayDE.0&sid=dweMe6kGyqK-Yt0qATAZ HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb2XP&sid=375bccUv_aKZr9saATAW HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb2XV&sid=cnTj1b2cB9G_SldMATAY HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb2XW&sid=8MEo84boodpm5OPyAS_n HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb2Xx&sid=7d0LBCT9jvM-Q9PoATAU HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb2Y3&sid=DpMuhNMh9jFvu7neATAV HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb2YF&sid=_Ndcj-_BAej_YUjNATAX HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Nhpb3Y7&sid=dweMe6kGyqK-Yt0qATAZ HTTP/1.1" 400 52 "https://my.ui-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=ULibUHaBWhNSu7hdATBK HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=KXUistz6s0Emu06kATBM HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=fuOE0YD01avGKg_gATBN HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=8T994wWah-1azLgoATBO HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:35 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=dReJzIK5lgkHblh4ATBP HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
10.3.0.225 - - [29/Jul/2021:18:43:36 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=eO_a9FJ0HWH_LSuDATBQ HTTP/1.1" 400 45 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
I did not find anything meaningful inside the error.log
$ cat error.log
2021/07/29 06:08:01 [notice] 10145#10145: using inherited sockets from "6;"

AWS Elastic Beanstalk 500 error (Django) - Python-urllib/2.7 & static files error

I'm currently deploying the Django & React Web on the Elastic Beanstalk, but I still get the 500 error. Is there any method to get rid of this error? I use PostgreSQL, and I grepped only 500 errors down below.
Here's my git repository:
https://github.com/ujin43255252/davidgram
172.31.1.112 (14.231.228.185) - - [18/Jul/2018:12:02:48 +0000] "GET / HTTP/1.1" 500 527 "-" "-"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:17:10 +0000] "GET /admin HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:17:10 +0000] "GET /favicon.ico HTTP/1.1" 500 527 "http://davidgram.ap-northeast-2.elasticbeanstalk.com/admin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:18:29 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:18:29 +0000] "GET /favicon.ico HTTP/1.1" 500 527 "http://davidgram.ap-northeast-2.elasticbeanstalk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.29.137 (31.184.194.109) - - [18/Jul/2018:12:18:33 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
127.0.0.1 (-) - - [18/Jul/2018:12:25:07 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:12:25:08 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:12:25:09 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:12:25:10 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:25:57 +0000] "GET /robots.txt HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:26:00 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:12:26:00 +0000] "GET /favicon.ico HTTP/1.1" 500 527 "http://davidgram.ap-northeast-2.elasticbeanstalk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.29.137 (85.69.223.3) - - [18/Jul/2018:12:30:18 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
172.31.29.137 (85.69.223.3) - - [18/Jul/2018:12:30:24 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
172.31.29.137 (203.189.153.192) - - [18/Jul/2018:12:38:27 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
172.31.29.137 (209.126.136.4) - - [18/Jul/2018:12:54:02 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
172.31.29.137 (164.177.41.204) - - [18/Jul/2018:12:54:15 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
172.31.1.112 (209.126.136.4) - - [18/Jul/2018:13:04:00 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:13:10:59 +0000] "GET /robots.txt HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (143.248.234.146) - - [18/Jul/2018:13:10:59 +0000] "GET /favicon.ico HTTP/1.1" 500 527 "http://davidgram.ap-northeast-2.elasticbeanstalk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.1.112 (177.189.145.3) - - [18/Jul/2018:13:14:41 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
172.31.29.137 (47.203.88.236) - - [18/Jul/2018:13:24:38 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729)"
172.31.29.137 (31.184.194.109) - - [18/Jul/2018:13:37:56 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
172.31.29.137 (203.190.43.78) - - [18/Jul/2018:13:56:50 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
172.31.1.112 (179.55.191.177) - - [18/Jul/2018:14:38:19 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
172.31.1.112 (143.208.246.121) - - [18/Jul/2018:15:02:31 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
127.0.0.1 (-) - - [18/Jul/2018:15:19:05 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:15:19:07 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:15:19:08 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:15:19:09 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
172.31.29.137 (37.26.87.166) - - [18/Jul/2018:15:22:44 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
172.31.29.137 (70.51.79.246) - - [18/Jul/2018:15:34:30 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
172.31.29.137 (70.51.79.246) - - [18/Jul/2018:15:34:35 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
172.31.29.137 (103.255.74.132) - - [18/Jul/2018:15:34:52 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
172.31.29.137 (37.63.239.222) - - [18/Jul/2018:15:42:01 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
127.0.0.1 (-) - - [18/Jul/2018:15:44:02 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:15:44:04 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:15:44:05 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
127.0.0.1 (-) - - [18/Jul/2018:15:44:06 +0000] "GET / HTTP/1.1" 500 527 "-" "Python-urllib/2.7"
172.31.29.137 (143.248.234.146) - - [18/Jul/2018:15:44:26 +0000] "GET /robots.txt HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.29.137 (143.248.234.146) - - [18/Jul/2018:15:44:27 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.29.137 (143.248.234.146) - - [18/Jul/2018:15:44:28 +0000] "GET /favicon.ico HTTP/1.1" 500 527 "http://davidgram.ap-northeast-2.elasticbeanstalk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.29.137 (143.248.234.146) - - [18/Jul/2018:15:44:29 +0000] "GET / HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
172.31.29.137 (143.248.234.146) - - [18/Jul/2018:15:44:29 +0000] "GET /favicon.ico HTTP/1.1" 500 527 "http://davidgram.ap-northeast-2.elasticbeanstalk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
I suspect, if this is one of your first deployments, that you simply have not added the Elastic Beanstalk hostname to ALLOWED_HOSTS in your settings.py.
But without the actual error logs, that is hard to be sure of. Using the Elastic Beanstalk console, you should be able to click "request logs" and then request the last 100 lines. One of the logfiles you will get from that is the error log, which has more detailed debugging information.
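To illustrate the ALLOWED_HOSTS setting mentioned in the answer above, here is an added example (not code from the post, the linked repository or Django itself) that re-implements Django's host-matching rules in simplified form and compares four candidate settings. The Elastic Beanstalk hostname is taken from the referers in the log; the function names and the other Host header values are hypothetical and constructed for the example.

```python
# Added example: simplified, stand-alone version of the rules Django applies
# when it compares a request's Host header against ALLOWED_HOSTS
# (exact name, leading-dot subdomain pattern, or "*").

EB_HOST = "davidgram.ap-northeast-2.elasticbeanstalk.com"  # from the log referers


def strip_port(host_header):
    """Lower-case the Host header, drop ':port' and a trailing dot.
    Simplification: IPv6 literals such as [::1]:80 are not handled."""
    host = host_header.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host[:-1] if host.endswith(".") else host


def host_allowed(host_header, allowed_hosts):
    """Return True if the Host header matches any ALLOWED_HOSTS pattern."""
    host = strip_port(host_header)
    if not host:
        return False
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":
            return True  # wildcard: Host validation is effectively off
        if pattern.startswith("."):
            # ".example.com" matches example.com and every subdomain of it
            if host.endswith(pattern) or host == pattern[1:]:
                return True
        elif pattern == host:
            return True
    return False


def audit(allowed_hosts, host_headers):
    """Map each Host header to whether the given setting would accept it."""
    return {h: host_allowed(h, allowed_hosts) for h in host_headers}


# Constructed Host header values (assumptions, not taken from a capture).
SAMPLE_HOSTS = [
    EB_HOST,                    # browser using the environment URL
    EB_HOST.upper() + ":80",    # same name, different case, explicit port
    "172.31.1.112",             # request addressed to a bare internal IP
    "unrelated.example",        # Host header naming some other site
]

EMPTY = []                            # default: nothing accepted when DEBUG is False
PINNED = [EB_HOST]                    # only this environment's hostname
SUFFIX = [".elasticbeanstalk.com"]    # also matches every other EB environment name
WILDCARD = ["*"]                      # weak setting: any Host header is accepted

if __name__ == "__main__":
    for label, setting in [("EMPTY", EMPTY), ("PINNED", PINNED),
                           ("SUFFIX", SUFFIX), ("WILDCARD", WILDCARD)]:
        print(label, audit(setting, SAMPLE_HOSTS))
```

Pinning the exact hostname is the narrow setting; the suffix and wildcard forms accept Host values that do not belong to this deployment.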

IWebBrowser2 control blank - web page is not displayed

We display some web pages in our MFC application. We use an ordinary IWebBrowser2 object, and we just do a Navigate2() call to display a certain URL.
But often, the page is not displayed. We just get a blank (white) control in our dialog. If we right click and choose "Refresh", the page is displayed correctly. This doesn't happen all the time - sometimes the page is displayed as it should without Refresh.
And everything seems to be OK on the server. This is the log:
--- we do a Navigate2()
172.16.0.119 - - [24/Apr/2017:15:05:10 +0200] "GET /home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml HTTP/1.1" 200 31095 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:10 +0200] "GET /xslt/KVE865001.xslt HTTP/1.1" 200 10742 "http://172.29.8.80/xslt/KVE865001.xslt" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
--- we do a Refresh
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /xslt/KVE865001.xslt HTTP/1.1" 304 - "http://172.29.8.80/xslt/KVE865001.xslt" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /css/styles01.css HTTP/1.1" 200 905 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/topleft01.gif HTTP/1.1" 200 207 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/topright01.gif HTTP/1.1" 200 211 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/bottomleft01.gif HTTP/1.1" 200 209 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/bottomright01.gif HTTP/1.1" 200 208 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
First, only the XML and the XSLT files are fetched from the server - and the control is blank. When we Refresh, those files are fetched again. They don't need to be sent, though (status 304), so they were fetched correctly the first time. But the second time, the web browser control moves on, and also gets the CSS file and a couple of GIFs. And the page is displayed.
Does anybody know what could cause this "half hearted" loading of the web page the first time? Is there some "IWebBrowser2 quirk" we should know about, or something we could do differently in our application? We haven't been able to solve this - I would be VERY grateful for some help!
/Anders from Sweden